Bug 2446 - NT 4 Workstation can't join Samba domain on the fly.
NT 4 Workstation can't join Samba domain on the fly.
Product: Samba 3.0
Classification: Unclassified
Component: smbldap-tools
x86 Linux
: P3 normal
: none
Assigned To: Tournier Jerome
smbldap-tools team
Depends on:
  Show dependency treegraph
Reported: 2005-03-14 09:48 UTC by Robert Czechowski
Modified: 2005-08-24 10:18 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Czechowski 2005-03-14 09:48:26 UTC
I have set up a small test network comprised of one NT 4 (SP6a) Workstation, one
Windows 2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm
using openLDAP 2.2.13 as the passdb backend with smbldap-tools 0.8.7-1. The
Windows 2000 Pro machine can join the domain on the fly without any problems,
but the NT 4 box gives me an error when I try to join: "The machine account for
this computer either does not exist or is inaccessible". In the samba log I can see:

[2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
  ldapsam_modify_entry: Failed to modify user
dn=uid=nt4box$,ou=People,dc=economists-inc,dc=com with: No such attribute
        modify/delete: sambaPrimaryGroupSID: no such value
[2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694)
  ldapsam_update_sam_account: failed to modify user with uid = nt4box$,
error: modify/delete: sambaPrimaryGroupSID: no such value (Success)

In the smb.conf file I have: 

add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'

When I run ./smbldap-useradd -w 'test' by hand it creates an entry without
objectClass: sambaSamAccount:

# test$, People, economists-inc.com
dn: uid=test$,ou=People,dc=economists-inc,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test$
sn: test$
uid: test$
uidNumber: 1017
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

The NT machine can join the domain after I run ./smbldap-useradd -w 'nt4box' and
then pdbedit -a -m -u 'nt4box', but not on the fly.
Comment 1 Gerald (Jerry) Carter 2005-03-14 10:09:44 UTC
I cna guarantee this works correctly in 3.0.11.  Probably a 
misconfiguration or bug the smbldap-tools.  Reassigning.
Comment 2 Robert Czechowski 2005-03-15 13:05:16 UTC
I'm getting the same error with smbldap-tools-0.8.6-1 and smbldap-tools-0.8.5-3.
Comment 3 Tournier Jerome 2005-03-24 07:43:08 UTC
for NT4, server's account belong to the Domain User group.
Try to use the 513 number for computer's account: in smbldap.conf, set the
following parameter:
> defaultComputerGid="513"
Comment 4 Tournier Jerome 2005-03-30 03:25:37 UTC
configuration problem for NT server
Comment 5 Gerald (Jerry) Carter 2005-08-24 10:18:56 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.